Changing WAN port for Outlook Web Access

Running MS Exchange Server 2003 (6.5) SP2 on Windows 2000 Server SP4. Users inside the building have access at http://mailserver/exchange (port 80), and I want to allow users to access OWA through the firewall through port mapping at some obscure port. However, if I map a public port, say, 23844 to port 80 on the mail server, OWA outside the firewall doesn't work. What other mappings do I need to get this to work? Thanks for the help.

Currently, I have the OWA server port changed to port n, and our public IP port n, so there is no change of port in the port mapping from the public IP to the private IP of the OWA server. If I change the OWA server back to port 80, and change the firewall port mapping to point from port n on the public IP to port 80 on the private IP, then OWA does not function outside the firewall.

Is ActiveSync required for OWA to work? If not, I don't need that to function outside the firewall.

Active Sync isn't required for OWA to work. But if down the road, your boss says, "Hey, I have this new (insert current hot PDA here) and I want to get my email on it", you may want to be able to tell him "yes" without mucking about with changes you made months ago.

Mestha is, as usual, correct that the best choice would be to get an SSL cert. Thawte and Verisign have them for only a couple hundred dollars per year.

I realize that using SSL is preferable to a non-encrypted port (security actually IS about obscurity, but that debate is for another time), but this is what I want to do.

Can you be more specific about "OWA doesn't respond well to being used on another port"? I am using OWA without a problem now, on my non-80 port. The problem arises when I try to map port 80 internally to another port externally thru the NAT'd firewall.

It's not necessary to buy a certificate; you can make your own by using MS-CA (delivered with the server but mostly not installed). But you should use HTTP/HTTPS. For HTTP you can use virtual servers by name on IIS. For SSL you need a port for this virtual server. On SSL it's not possible to get the right virtual server by name. That's why you need one port per virtual server.
This is all also known by Exchange and IIS. To reference and forward to the right places, it's sometimes required to build complete URL strings (including port numbers). Every time such a string passes a port-translation device where this URL is unchanged, the application is no longer working.

Conclusion:
- Don't translate ports of Exchange web applications.
- If some ports are already in use and you have to change them, then do this directly on the Exchange web server. There you can easily change HTTP and HTTPS ports.
- Additionally, you can also set up second web servers and/or additional ports for internal and external use.
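The failure described in the answer above can be checked for directly. The following is an added example, not part of the original thread: it scans one HTTP response for absolute URLs that point back at the server on a different scheme or port than the one the client connected to. The public name `mail.example.com`, the function names and the sample response are constructed for illustration and are not captured OWA output.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
ABS_URL = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def endpoint(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    try:
        port = parts.port
    except ValueError:          # malformed port in the URL
        port = None
    return scheme, (parts.hostname or "").lower(), port or DEFAULT_PORTS.get(scheme)

def broken_by_port_translation(external_url, headers, body, server_names=()):
    """List absolute URLs in a response that name this server but use a
    scheme/port other than the one the client reached it on."""
    ext_scheme, ext_host, ext_port = endpoint(external_url)
    own_hosts = {ext_host} | {n.lower() for n in server_names}
    candidates = [v for k, v in headers.items()
                  if k.lower() in ("location", "content-location")]
    candidates += ABS_URL.findall(body)
    bad = []
    for url in candidates:
        scheme, host, port = endpoint(url)
        if scheme not in DEFAULT_PORTS:
            continue            # relative URL: survives any port mapping
        if host in own_hosts and (scheme, port) != (ext_scheme, ext_port):
            bad.append(url)
    return bad

# Constructed sample: client reached the server on public port 23844,
# which the firewall maps to port 80 on the internal host "mailserver".
EXTERNAL = "http://mail.example.com:23844/exchange"
SAMPLE_HEADERS = {"Location": "http://mail.example.com/exchange/"}
SAMPLE_BODY = (
    '<base href="http://mailserver/exchange/">'
    '<img src="http://mail.example.com:23844/exchweb/img/logo.gif">'
    '<a href="/exchange/user/Inbox/">Inbox</a>'
    '<a href="http://www.example.org/help">Help</a>'
)

def demo():
    return broken_by_port_translation(EXTERNAL, SAMPLE_HEADERS, SAMPLE_BODY,
                                      server_names=("mailserver",))

if __name__ == "__main__":
    for url in demo():
        print("unreachable from outside:", url)
```

Any URL it reports is one the external client would follow to the wrong port or to an internal-only name, which is why changing the listening port on the web server itself avoids the problem.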
